Author: jerry
Date: 2007-12-10 15:37:34 +0000 (Mon, 10 Dec 2007)
New Revision: 1159
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-web&rev=1159
Log: Adding original security advisory for CVE-2007-6015
Added: trunk/security/CVE-2007-6015.html
Changeset:
Added: trunk/security/CVE-2007-6015.html =================================================================== --- trunk/security/CVE-2007-6015.html 2007-12-10 15:33:46 UTC (rev 1158) +++ trunk/security/CVE-2007-6015.html 2007-12-10 15:37:34 UTC (rev 1159) 
@@ -0,0 +1,85 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + +<head> +<title>Samba - Security Announcement Archive</title> +</head> + +<body> + + <H2>CVE-2007-6015 - Remote Code Execution in Samba's nmbd (send_mailslot())</H2> + +<p> +<pre> +========================================================== +== +== Subject: Boundary failure in GETDC mailslot +== processing can result in a buffer overrun +== +== CVE ID#: CVE-2007-6015 +== +== Versions: Samba 3.0.0 - 3.0.27a (inclusive) +== +== Summary: Specifically crafted GETDC mailslot requests +== can trigger a boundary error in the domain +== controller GETDC mail slot support which +== can be remotely exploited to execute arbitrary +== code. +== +========================================================== + +=========== +Description +=========== + +Secunia Research reported a vulnerability that allows for +the execution of arbitrary code in nmbd. This defect is +only be exploited when the "domain logons" parameter has +been enabled in smb.conf. + + +================== +Patch Availability +================== + +A patch addressing this defect has been posted to + + http://www.samba.org/samba/security/ + +Additionally, Samba 3.0.28 has been issued as a security +release to correct the defect. + + +========== +Workaround +========== + +Samba administrators may avoid this security issue by disabling +both the "domain logons" options in the server's smb.conf file. +Note that this will disable all domain controller features as +well. + + +======= +Credits +======= + +This vulnerability was reported to Samba developers by +Alin Rad Pop, Secunia Research. + +The time line is as follows: + +* Nov 22, 2007: Initial report to [EMAIL PROTECTED] +* Nov 22, 2007: First response from Samba developers confirming + the bug along with a proposed patch. +* Dec 10, 2007: Public security advisory made available. 
+ + +========================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +========================================================== +</pre> +</body> +</html>
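Review bot: The Workaround paragraph says to disable "both the "domain logons" options" but names only one parameter, so an administrator cannot tell what the second setting is supposed to be; either drop "both" and use the singular "option", or name the other parameter explicitly. In the Description, "This defect is only be exploited when" should read "can only be exploited when", since that sentence is what tells readers whether their configuration is exposed. On the markup side, the `<p>` opened just before `<pre>` is never closed and the heading uses uppercase `<H2>`, neither of which is valid under the XHTML 1.0 Transitional doctype the file declares; remove the stray `<p>` and lowercase the heading tags.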